|
246131
|
7.8 |
HIGH
Local
|
ftsafe
|
securecore
|
SecureCore Standard Edition Version 2.x allows an attacker to bypass the product 's authentication to log in to a Windows PC.
|
CWE-287
Improper Authentication
|
CVE-2018-16160
|
2024-11-21 12:52 |
2018-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246132
|
7.5 |
HIGH
Network
|
rack_project
|
rack
|
There is a possible DoS vulnerability in the multipart parser in Rack before 2.0.6. Specially crafted requests can cause the multipart parser to enter a pathological state, causing the parser to use …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2018-16470
|
2024-11-21 12:52 |
2018-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246133
|
6.1 |
MEDIUM
Network
|
rack_project
debian
|
rack
debian_linux
|
There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the …
|
CWE-79
Cross-site Scripting
|
CVE-2018-16471
|
2024-11-21 12:52 |
2018-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246134
|
5.9 |
MEDIUM
Network
|
axtls_project
|
axtls
|
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not properly verify the ASN.1 metadata. Consequently, a remote attacker can forge signatures w…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-16253
|
2024-11-21 12:52 |
2018-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246135
|
5.9 |
MEDIUM
Network
|
axtls_project
|
axtls
|
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification does not reject excess data after the hash value. Consequently, a remote attacker can forge signatu…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-16150
|
2024-11-21 12:52 |
2018-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246136
|
5.9 |
MEDIUM
Network
|
axtls_project
|
axtls
|
In sig_verify() in x509.c in axTLS version 2.1.3 and before, the PKCS#1 v1.5 signature verification blindly trusts the declared lengths in the ASN.1 structure. Consequently, when small public exponen…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2018-16149
|
2024-11-21 12:52 |
2018-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246137
|
7.5 |
HIGH
Network
|
knight_project
|
knight
|
A Path Traversal in Knightjs versions <= 0.0.1 allows an attacker to read content of arbitrary files on a remote server.
|
CWE-22
Path Traversal
|
CVE-2018-16475
|
2024-11-21 12:52 |
2018-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246138
|
6.1 |
MEDIUM
Network
|
tianma-static_project
|
tianma-static
|
A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript.
|
CWE-79
Cross-site Scripting
|
CVE-2018-16474
|
2024-11-21 12:52 |
2018-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246139
|
5.3 |
MEDIUM
Network
|
takeapeek_project
|
takeapeek
|
A path traversal in takeapeek module versions <=0.2.2 allows an attacker to list directory and files.
|
CWE-22
Path Traversal
|
CVE-2018-16473
|
2024-11-21 12:52 |
2018-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246140
|
7.5 |
HIGH
Network
|
cached-path-relative_project
debian
|
cached-path-relative
debian_linux
|
A prototype pollution attack in cached-path-relative versions <=1.0.1 allows an attacker to inject properties on Object.prototype which are then inherited by all the JS objects through the prototype …
|
CWE-20
Improper Input Validation
|
CVE-2018-16472
|
2024-11-21 12:52 |
2018-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
